
Fixed command Injection

* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
  command injection in Hosts::new() caused by the use of Kernel#open.
  [Fix GH-1777] [ruby-core:84347] [Bug #14205]

From: Drigg3r <drigg3r@yandex.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
nobu 2017-12-20 04:18:31 +00:00
parent 6df552eaee
commit e7464561b5


@ -188,7 +188,7 @@ class Resolv
unless @initialized unless @initialized
@name2addr = {} @name2addr = {}
@addr2name = {} @addr2name = {}
open(@filename, 'rb') {|f| File.open(@filename, 'rb') {|f|
f.each {|line| f.each {|line|
line.sub!(/#.*/, '') line.sub!(/#.*/, '')
addr, hostname, *aliases = line.split(/\s+/) addr, hostname, *aliases = line.split(/\s+/)
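Review bot: The `File.open(@filename, 'rb')` call on the new side has no comment recording why `Kernel#open` must not be used here, so a later cleanup could put the shorter form back. I would add above it `# File.open, not Kernel#open: a @filename beginning with "|" must be treated as a path, never run as a command`. The hunk shows only this one call inside `lazy_initialize`, whose body starts and ends outside it. Any other bare `open` in resolv.rb that takes a caller-supplied path is not visible here and deserves the same check. A regression test asserting that a `|`-prefixed filename is handled as a plain path and spawns no process would also help.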